Reliability as an Interdomain Service

ABSTRACT

A system and techniques are disclosed that increase the redundancy (i.e., physical diversity and bandwidth) available to an IP network, thereby increasing the failure processing capability of IP networks. The techniques include pooling the resources of multiple networks together for mutual backup purposes to improve network reliability and employing methods to efficiently utilize both the intradomain and the interdomain redundancies provided by networks at low cost.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention generally relates to network services, and more particularly to providing interdomain services for network reliability.

2. Brief Description of the Related Art

Reliability is a major concern in Internet Protocol (IP) networks. As the Internet becomes a critical infrastructural component of the global information-based society, the availability and resilience of the Internet under failures can have significant global and social effects.

Various techniques have been developed to improve communication network reliability. For example, in the past, networks have relied on link layer techniques, such as SONET rings, to protect networks against failures. More recently, due to the relatively high cost of SONET protection and the lower cost and improved flexibility of IP, networks now utilize the IP layer to handle failures.

In some implementations, restoration techniques have been used in the IP layer for rerouting data under potential failures. A potential drawback of these restoration techniques is their relatively slow response time, which may not be able to meet the requirements of some mission-critical applications (e.g., VPN networks carrying VoIP traffic). The restoration techniques also can include MPLS-based protection techniques that pre-compute rerouting paths and quickly reroute traffic upon failure detection. The two basic protection mechanisms are link protection (i.e., fast rerouting (FRR)), and path protection. In FRR, a detour around a failed link is created. In path protection, the sources of flows using a failed link are identified and rerouted to avoid the failed link. An advantage of path protection is that, since alternate paths are computed for each source, it can avoid potential bottlenecks around the head end of a failed link, and thus achieve better rerouting performance.

Although these techniques have enhanced IP network reliability, they generally require significant investments. Accordingly, a major challenge remains in obtaining redundancy in IP networks at a reasonable cost. As used herein, the term redundancy refers to both the diversity of physical connectivity and the over-provisioning of bandwidth to carry traffic originally passing through any failed equipment. In addition, with the cost of over-provisioning and, in particular, the expenses to obtain rights-of-way to install alternative paths (e.g., along natural gas pipelines, highways or railways), many IP networks, in particular Internet Service Provider (ISP) networks, face the challenge of adding redundancy in a cost-effective way to stay competitive in the highly competitive ISP market.

SUMMARY OF THE INVENTION

A system and techniques are disclosed that increase the redundancy (i.e., physical diversity and bandwidth) available to an IP network, thereby increasing the failure processing capability of IP networks. The techniques include pooling the resources of multiple networks together for mutual backup purposes to improve network reliability and employing methods to efficiently utilize both the intradomain and the interdomain redundancies provided by networks at low cost.

For example, large IP networks that cover the same geographic regions and install their routers at similar sites (e.g., major cities) can be overlaid, such that for two sites in both networks, when one network does not have direct links between these two sites, the other network may have. Preferably, even when both networks have direct links between these two sites, the links can be placed at different locations (e.g., one along a highway and the other along a railway). Thus, when there is a failure inside one network, the other network can provide redundancy. By providing a system that allows neighboring networks to use the resources of each other as backup, the present invention provides improved network reliability at low social and network cost.

Various aspects of the system relate to generating paths based on flow-based routing representations. For example, according to one aspect, a system for providing network reliability includes a first network, a second network operatively coupled to the first network, and a control module operatively coupled to the first and second networks. The control module is adapted to provide a bypass path linking first and second portions of the first network in response to a connectivity failure in said first network.

Preferably, the control module routes data packets between said first and said second portions of said first network using said bypass path. In one preferred embodiment, the bypass path is a data path between the first and second networks. Preferably, the control module signals the availability of the data path using a Border Gateway Protocol message.

In one embodiment, the controller extracts a plurality of data paths from at least one of the first and second networks and computes a selected path to route said plurality of data packets using traffic engineering. The controller also can compute fast rerouting upon a network failure in the first or second network and select the selected path based on the computation.

In one preferred embodiment, the controller distinguishes voice and virtual private network (VPN) data packets from the data packets and routes the voice and VPN data packets over the selected path. The controller can also calculate the selected path by converting a flow representation of the data packets transmitted between an origin and destination router to a path-based routing representation.

In one preferred embodiment, the controller calculates the selected path by determining a maximum unsplittable flow between the origin and destination routers that satisfies a service level delay constraint. The controller can also select the selected path using a mixed integer program (MIP).

In another aspect, a method for providing network reliability includes operatively coupling a first network to a second network, and providing a control module operatively coupled to the first and second networks. The control module provides a bypass path linking first and second portions of said first network in response to a failure in said first network.

In one preferred embodiment, the method includes routing data packets between the first and second portions of the first network using the bypass path. Preferably, the bypass path is a data path between the first and second networks. The method also can include signaling the availability of the data path using a Border Gateway Protocol message.

In another preferred embodiment, the method includes extracting a plurality of data paths from at least one of the first and second networks, and computing a selected path to route the data packets using traffic engineering. The method also can include calculating fast rerouting upon a network failure in the first or second network and selecting the selected path based on the computation.

The method can also include distinguishing voice and virtual private network (VPN) data packets from the data packets, and routing the voice and VPN data packets over the selected path.

In one embodiment, the method includes calculating the selected path by converting a flow representation of the data packets transmitted between an origin and destination router to a path-based routing representation. The method can also include calculating the selected path by determining a maximum unsplittable flow between the origin and destination routers that satisfies a service level delay constraint. In one embodiment, the method also includes selecting the selected path using a mixed integer program (MIP).

In some embodiments, one or more of the following advantages may be present. The system can improve the effectiveness of both restoration and protection implementations by utilizing them over an augmented intradomain topology with virtual links that correspond to additional interdomain bypass paths. The added virtual links can increase the redundancy available to these techniques, and therefore can improve algorithmic performance.

A system, as well as articles that include a machine-readable medium storing machine-readable instructions for implementing the various techniques, are disclosed.

Other objects and features of the present invention will become apparent from the following detailed description considered in conjunction with the accompanying drawings. It is to be understood, however, that the drawings are designed as an illustration only and not as a definition of the limits of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating use of interdomain bypass for a partitioned network backbone.

FIG. 2 is a block diagram illustrating REIN interdomain bypass paths signaling according to the present invention.

FIG. 3 is an example REIN-PATH-AVAILABLE message.

FIG. 4 is a flow chart for generating paths based on flow-based routing.

FIG. 5 is a detailed formulation and method for implementing Robust Fast Rerouting according to the present invention.

FIG. 6 illustrates construction of a path-based routing.

Like reference symbols in the various drawings indicate like elements.

DETAILED DESCRIPTION OF THE EMBODIMENTS

The present invention protects an IP network against failures from both inside and outside the network by protecting intradomain links and directly connected interdomain (peering) links. An example of the type of events the present invention can address is shown in connection with FIG. 1.

FIG. 1 illustrates a system 5 that includes a major backbone network 10 partitioned into two disconnected components 10A, 10B by two fiber cuts. Such a partition can lead to the disconnection of long-distance service for millions of customers, network partitions for corporations that rely on the carrier to link office networks, and substantially decreased throughput of transcontinental Internet traffic routed over the backbone.

As shown in FIG. 1, in one preferred embodiment, the system 5 includes a server 12 that provides reliability services, hereinafter referred to as a REIN server, and that can route traffic between disconnected components through a neighboring IP network 14. As used herein, the term interdomain bypass paths refers to such routes through neighboring IP networks. As shown in FIG. 1, both of the two disconnected components 10A, 10B of the network 10 have peers connected to a neighboring network. For example, FIG. 1 shows one peering 16 between the backbone 10 and the neighboring network at Los Angeles, and another peering 18 of the two networks at Dallas. Accordingly, using the present invention, the backbone network 10 can use the neighboring network 14 as a backup and thus greatly reduce the impact of the partitioning.

The REIN server 12 can be useful when an IP network is not partitioned, but nevertheless does not have enough redundant bandwidth to reroute traffic around failures. Such a network can benefit from the additional bandwidth made available through the server 12. For example, in an educational network such as the Abilene network, when two links are down, a single link can become a bottleneck, and the total traffic demand on that link could be almost three (3) times its capacity even under optimal rerouting. However, using the present invention, the network can handle the failure scenarios without overloading any links.

Similar to traditional Internet interdomain business relationships, the REIN server 12 can support multiple business models for the sharing of interdomain bypass paths. For example, in one preferred embodiment, the REIN server 12 supports a peering model where networks A and B provide mutual backup without financial settlement. This implementation can improve the reliability of both networks at low cost, and thus provide both networks with incentives. Similar to the traditional Internet peering relationship which depends on symmetry in traffic, the REIN server 12 can provide enforcement of symmetry in bypass path capacity provisioning and usage. A potential advantage of using the REIN server 12 for mutual backup through peering is that the two networks involved tend to have similar geographic coverage and thus the bypass paths are less likely to have long detour delay.

In another preferred embodiment, the REIN server 12 supports a cost-free model without the requirement for symmetry. For example, referring back to the educational network example, the educational network can be overlapped with many commercial IP networks. Although in typical cases the education network would not carry any commercial traffic, it is possible using the REIN server 12 of the present invention, that the education network provides interdomain bypass paths for commercial networks in emergencies, as these commercial networks are part of a critical national infrastructure.

In another preferred embodiment, the REIN server 12 supports a provider-customer model. This is similar to the traditional provider-customer relationship in the Internet; that is, network A pays network B to provide bypass paths. The cost model can be either a fixed pricing model or a usage-based pricing model. The usage of the bypass paths (e.g., in terms of amount of time and/or traffic volume) can be limited to avoid potential abuse. In the preferred embodiment, a bypass path provider can charge lower prices just as some ISPs charge lower prices for backup BGP links (e.g., shadow links of UUNet).

Turning now to FIG. 2, the REIN server 12 of the present invention can signal the existence of Interdomain Bypass Paths from network B 20 to network A 22. As shown in FIG. 2, network A 22 peers with network B 20 at multiple locations referred to as points of presence (PoPs).

As shown in FIG. 2, there can be multiple choices of protocols or mechanisms for network A 22 and B 20 to signal interdomain bypass paths. In one preferred embodiment, each network includes a dedicated REIN server 12A-C, and the protocol disclosed can be run over a TCP connection between the REIN servers 12A-C.

In one preferred embodiment, for example, to discover interdomain bypass paths re-entering at border router a1 24 of network A 22 through neighboring network B 20, a1 24 makes a special BGP announcement to its corresponding peer b1 26, over the existing eBGP session 28 between a1 24 and b1 26. The destination address of the BGP announcement is a1 24. Preferably, the BGP announcement is considered a request for bypass paths in network B 20 through b1 26 back to a1 24. The message can include additional attributes such as desired starting points of the bypass paths (e.g., starting from a2 30 to B 20 and then to a1 24) and desirable bandwidth. Preferably, the additional attributes are carried as opaque attributes in the BGP message. The message carries a unique BGP community tag REIN PATH REQUEST to enable special treatment within each network.

Preferably, the BGP announcement goes through standard BGP export/import policies and is imported into the routing information base of b1 26. Periodically, inside B 20, the REIN server 12 extracts from border routers such request announcements using the tag REIN PATH REQUEST, and computes the interdomain bypass paths that it can provide, subject to its local policy. Preferably, one objective of the local policy is to mitigate the operational difficulties involved in the planning for carrying another network's traffic. For instance, network B's 20 local policy could specify that bypass paths are provided to network A 22 only through lightly-loaded links.

In one preferred embodiment, if network B 20 provides bypass paths from border router b2 34, the REIN server 12 b configures b2 34 to announce a BGP update message carrying a unique BGP community tag REIN PATH AVAILABLE to its peer a2 36. An example message sent from b2 34 to a2 36 is shown in FIG. 3.

In one preferred embodiment, the bypass path attribute in the REIN PATH AVAILABLE message does not include the complete router path inside B 20, to protect B's 20 private information. Preferably, the exported values of bandwidth are relatively stable to avoid frequent re-computation. In addition, in one preferred embodiment, the bandwidths are allocated bandwidths instead of the total bandwidth of a bypass path. In addition, the bandwidth(s) can be constrained by the bandwidths of the peering links. However, since it may be more cost-effective to over-provision the bandwidth of a peering link than that of a link connecting two faraway locations, this might be a lesser concern. A delay value can also be used by network A 22 when there is a delay requirement. Furthermore, the path metrics may also include pricing information in a more flexible system.

Preferably, the REIN servers 12A-C coordinate shared risk link groups (SRLGs) between the neighboring networks to assign consistent SRLG IDs to links or use a global information database. Two links belong to the same SRLG if they are considered to be likely to fail together. An example is two links that share some common conduit at some segment.

In one preferred embodiment, periodically, inside network A 22, using the tag REIN PATH AVAILABLE, the REIN server 12A extracts interdomain bypass paths announced by neighboring networks 20, 40. The server 12A then computes how to use these paths to improve reliability. For those paths the REIN server 12A chooses to use, the server 12A sends a BGP update message with a unique BGP community tag REIN PATH COMMIT to inform neighboring networks 20, 40. The neighboring networks 20, 40 can then configure their data forwarding path to allow usage of the path (as described below). It will be appreciated by one skilled in the art that this protocol can be extended to allow interdomain bypass paths to traverse several networks.

A main data-path capability provided by the system is to allow traffic to leave and re-enter a network. This can be problematic in the prior art due to the separation of intradomain and interdomain routing. Specifically, a problem can occur relating to potential forwarding loops inside a neighboring network. Forwarding loops cannot arise in the hierarchical Internet routing, because that would imply a loop in AS paths. However, direct usage of interdomain bypass paths may cause forwarding loops. For example, consider the preceding example when the interdomain bypass path a2 36->b2 34->b1 26->a1 24 is used. When a2 36 uses the bypass path, it encapsulates a packet using source address a2 36 and destination address a1 24, and sends the encapsulated packet to b2 34. However, a router inside B 20 close to b2 34 may look up the destination address a1 24 and send the packet back to b2 34, causing a forwarding loop. To address this issue, in one preferred embodiment, the REIN server 12A establishes an interdomain GMPLS to set up an interdomain label switched path (LSP) for the whole interdomain bypass path. In another preferred embodiment, b2 34 configures an intradomain LSP from b2 34 to b1 26, and notifies a2 36 about the LSP. Then a2 36 uses IP tunneling to forward packets to b2 34, where the tunnel header (e.g., shim header) indicates that the LSP from b2 34 to b1 26 should be used.
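The loop and the LSP remedy described above can be reproduced with a small forwarding simulation. This is an added example, not code from the patent: the interior router b3, the label values 100 and 200, the LSP name and both forwarding tables are constructed for illustration.

```python
"""Toy forwarding model for the bypass path a2 -> b2 -> b1 -> a1.

Constructed assumptions (not from the patent): router b3 sits inside B
between b2 and b1; labels 100/200 and the name LSP_B2_B1 are made up.
"""

LSP_B2_B1 = "lsp-b2-b1"  # hypothetical LSP name carried in the tunnel (shim) header

# Destination-based next hops for a1's address.
# b2 holds the bypass route toward b1, but b3 only knows the ordinary route
# to network A, whose nearest exit is b2. That mismatch creates the loop.
IP_FIB = {
    "a2": {"a1": "b2"},  # a2 tunnels the encapsulated packet to b2
    "b2": {"a1": "b3"},
    "b3": {"a1": "b2"},
    "b1": {"a1": "a1"},  # b1 peers directly with a1
}

# Label table per router: key -> (operation, outgoing label, next hop).
# The key is the LSP name at the head end and the incoming label elsewhere.
LFIB = {
    "b2": {LSP_B2_B1: ("push", 100, "b3")},
    "b3": {100: ("swap", 200, "b1")},
    "b1": {200: ("pop", None, None)},
}


def forward(start, dest, lsp_id=None, max_hops=16):
    """Forward one packet; return (routers visited, outcome)."""
    node, label, hops, seen = start, None, [start], set()
    while node != dest:
        key = label if label is not None else lsp_id
        entry = LFIB.get(node, {}).get(key) if key is not None else None
        if label is not None and entry is None:
            return hops, "dropped: unknown label"
        if entry is not None and entry[0] == "pop":
            # Tail end of the LSP: strip the label, then do a normal IP lookup here.
            label, lsp_id = None, None
            continue
        if entry is not None:
            _, label, nxt = entry          # label switching ignores the IP destination
        else:
            nxt = IP_FIB.get(node, {}).get(dest)
            if nxt is None:
                return hops, "dropped: no route"
        state = (node, label, nxt)
        hops.append(nxt)
        if state in seen:                  # same router, same decision: a loop
            return hops, "loop"
        if len(hops) > max_hops:
            return hops, "dropped: hop limit"
        seen.add(state)
        node = nxt
    return hops, "delivered"


if __name__ == "__main__":
    print("plain IP lookup:", forward("a2", "a1"))
    print("with LSP b2->b1:", forward("a2", "a1", lsp_id=LSP_B2_B1))
```
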

As discussed above, interdomain bypass paths can be utilized in multiple ways. Now, a fast rerouting algorithm to efficiently utilize these paths will be described. It will be appreciated by one skilled in the art that the below described techniques can be applied both with and without interdomain bypass paths. For ease of understanding, the phrase ‘interdomain bypass paths’ is also referred to as ‘interdomain bypass links’ or ‘virtual links’. A coverage-based path generation technique also will now be described that can be used to implement other traffic engineering related algorithms.

Referring back to FIG. 1, in one preferred embodiment, the REIN server 12 implements protection which pre-computes rerouting paths to use upon failure detection. As mentioned previously, there are two basic protection mechanisms: link protection (i.e., fast rerouting), and path protection. In fast rerouting, a detour around a failed link is created. In path protection, the sources of all flows using the failed link are notified and detour to avoid the failed link.

In one preferred embodiment, the method executed by the REIN server 12 comprises two steps. In the first step, the REIN server 12 computes optimal routing using traffic engineering when there are no failures. In the second step, the REIN server 12 computes fast rerouting for high-priority failure scenarios (i.e., when the total number of failure scenarios is exponential) on top of traffic engineering. Fast reroute provides a mechanism for automatically rerouting traffic on an LSP if a node or link in an LSP fails, thus reducing the loss of packets traveling over the LSP. Fast rerouting is accomplished by precomputing and pre-establishing a number of detours along the LSP. Each detour is established by an upstream node with the intent of avoiding the link toward the immediate downstream node and the immediate downstream node itself. Each detour might traverse through one or more label-switched routers.

Preferably, when the server 12 computes fast rerouting, it distinguishes important traffic (e.g., voice and VPN) and selects intradomain links, if possible, to protect such traffic.

Traffic engineering uses statistical techniques, such as queuing theory, to predict and engineer the behavior of telecommunications networks, such as telephone networks or the Internet. The field was created by the work of A. K. Erlang in whose honor the unit of telecommunications traffic intensity, the Erlang, is named. The derived unit of traffic volume also incorporates his name. His Erlang distributions are still in common use in telephone traffic engineering. The crucial observation in traffic engineering is that in large systems the law of large numbers can be used to make the aggregate properties of a system over a long period of time much more predictable than the behavior of individual parts of the system. The queueing theory originally developed for circuit-switched networks is applicable to packet-switched networks. The most notable difference between these sub-fields is that packet-switched data traffic is self-similar. This is a consequence of the calls being between computers, and not people.

Teletraffic theory was first developed by Agner Erlang for circuit-switched architectures such as the PSTN. As such, the basics of teletraffic theory are best introduced by examining teletraffic concepts as they relate to PSTNs. The measurement of traffic in PSTNs allows network operators to determine and maintain the Quality of Service (QoS) and in particular the Grade of Service (GoS) that they offer their subscribers. The QoS of a network must be maintained or else operators will lose subscribers. The performance of a network depends on whether all origin-destination pairs are receiving a satisfactory service.

Networks are handled as loss systems, where calls that cannot be handled are given equipment busy tone, or queuing systems, where calls that cannot be handled immediately are queued. Congestion is defined as the situation when exchanges or circuit groups are inundated with calls and are unable to serve all the subscribers. Special attention must be given to ensure that such high loss situations do not arise. To help determine the probability of congestion occurring, operators should use the Erlang Equations or the Engset calculation. Exchanges in the PSTN make use of Trunking concepts to help minimize the cost of the equipment to the operator. Modern switches generally have full availability and do not make use of Grading concepts. Overflow systems make use of alternative routing circuit groups or paths to transfer excess traffic and thereby reduce the possibility of congestion.

Queueing systems used in telephone networks have been studied as a science. For example, subscribers are queued until they can be served. If subscribers are made to wait too long, they may lose patience and default from the queue, resulting in no service being provided.

A very important component in PSTNs is the SS7 Network used to route signaling traffic. As a supporting network, it carries all the signaling messages necessary to set up, break down or provide extra services. The signaling enables the PSTN to control the manner in which traffic is routed from one location to another.

Transmission and switching of calls is performed using the principle of Time-Division Multiplexing (TDM). TDM allows multiple calls to be transmitted along the same physical path, reducing the cost of infrastructure. A good example of the use of teletraffic theory in practice is in the design and management of a call center. Call centers use teletraffic theory to increase the efficiency of their services and overall profitability through calculating how many operators are really needed at each time of the day.

Teletraffic engineering in broadband networks is a well-understood discipline in the traditional voice network, where traffic patterns are established, growth rates can be predicted, and vast amounts of detailed historical data are available for analysis. However, in modern Broadband Networks, the teletraffic engineering methodologies used for voice networks are inappropriate.

In one preferred embodiment, the server 12 implements optimal traffic engineering and fast rerouting using IP/MPLS. However, computation of optimal traffic engineering and fast rerouting directly using path-based routing (i.e., routing specified by how traffic is split among LSPs) can be intractable, since there can be an exponential number of candidate LSPs between each origin-destination (OD) pair. The server 12 then uses a representation called flow-based routing, in which the routing is specified at each link by the fraction of traffic of each OD pair that is routed on this link.

Accordingly, the system uses a flow-based routing representation to make computation tractable and then a path generation method to convert the flow-based routing into a practical implementation, as described below.

Preferably, the REIN server 12 integrates Traffic Engineering (TE)/FRR with VPNs using flow-based routing. For example, in one preferred embodiment, the REIN server 12 first conducts traffic engineering to determine base routing without failures. The uncertainty to handle in this case is traffic volume variations. Preferably, the server 12 bases the TE formulation on either the traditional oblivious routing technique developed by Applegate and Cohen or the COPE technique developed by Wang et al. and extends their techniques to provide VPN support. In oblivious routing, a system of optional paths is chosen in advance for every source-destination pair, and every packet for that pair must travel along one of these optional paths. Thus, the path a packet takes only depends on its source-destination pair (and maybe a random choice to select one of the options).

For example, in one preferred embodiment, the server 12 represents in its memory a network by a graph G=(V,E), where V is the set of routers and E is the set of intradomain links. A variable E′ is assigned the set of interdomain bypass links. The capacity of link l(i,j) from node i to node j is denoted by cap(i,j).

The server 12 assigns a memory variable X to denote the set of all possible traffic demand matrices. Each traffic demand matrix d∈X represents the end-to-end traffic demand between any two nodes inside the network. For traffic with destination outside the network, the server 12 preferably uses the COPE technique, as is known in the art, to convert interdomain traffic demand to intradomain traffic demand.

Next, the server 12 assigns a function o(f,d) to be the performance of flow-based routing f under traffic demand matrix d∈X, where the flow-based routing f is specified by a set of values f={f_(ab)(i,j)|a,b∈V,(i,j)∈E} and f_(ab)(i,j) specifies the fraction of demand from a to b that is routed over the link (i,j). Note that this formulation assumes all traffic demand will be routed by traffic engineering. In addition, the formulation is extended to cover the case that most OD pairs are routed using a default routing (e.g., OSPF/ISIS), and only selected, major OD pairs (e.g., heavy hitters) are involved in defining f. Furthermore, the server 12 can aggregate routers inside a PoP for scalability. For example, in one preferred embodiment, the server 12 defines the function o(f,D) to be the aggregated performance of routing f on the set D, where D∈X is the set of common-case traffic demands. Preferably, the aggregation is performed, for example, by taking the maximum, or a weighted average.

In one preferred embodiment, the server 12 assigns a function c(f, d) to be the penalty (cost) of routing f under traffic demand d. Then the objective of the basic robust TE problem, and thereby the server 12, is to search for a base routing f that optimizes o(f, D), subject to a worst-case penalty bound r on c(f, d) for all d∈X.

As VPNs are particularly important to ISPs, in some preferred embodiments, the server 12 adds additional constraints to the preceding robust TE problem formulation. For example, in one preferred embodiment, the server 12 uses the known Hose model to specify VPN demand. Virtual private networks (VPN) provide a cost-effective means of meeting the communication needs among several sites. The hose model for VPN configuration alleviates the scalability problem of the pipe model by reserving bandwidth for traffic aggregates instead of between every pair of endpoints. Existing studies on quality of service (QoS) guarantees in the hose model deal only with bandwidth requirements. For each source (or destination) α∈V, the server 12 denotes by ECR(α) (resp. ICR(α)) the total egress (resp. ingress) committed rate, which is the guaranteed total demand to (resp. from) all other nodes inside the network for VPNs. Then the additional constraints guarantee bandwidth provisioning for VPNs. Specifically, these constraints can be used to ensure that the base routing f is able to route, without overloading any intradomain link l∈E, an arbitrary VPN traffic demand matrix d^(w) that conforms to the ECR and ICR specification.

Preferably, the REIN server 12 also implements robust fast rerouting. For example, in one preferred embodiment, the server 12 computes routing using the preceding formulation for f*. The server 12 then proceeds to compute fast rerouting f^(h) on top of f*, to protect against each high-priority link failure scenario h, where h⊂E represents the failure of a set of links belonging to one or more SRLGs. The fast rerouting computation can use not only intradomain links in E but also interdomain bypass links in E′. To be robust to traffic variations when a failure scenario happens, in one preferred embodiment, the server 12 computes fast rerouting that minimizes the oblivious ratio on all possible total traffic demands.

Due to the high priority and sensitivity of VPN traffic, the server 12 can compute separate fast reroutings, f^(h,B) for best-effort traffic and f^(h,V) for VPN traffic, with the requirement that all VPN traffic be completely rerouted using intradomain links only. In another preferred embodiment, the server 12 computes a common fast rerouting, f^(h), for both best-effort and VPN traffic. The detailed formulation and method implemented by the server 12 are mathematically shown in FIG. 5.

In one preferred embodiment, the server 12 processes peering link failures. For example, the method executed by the server 12 can be extended to directly connected interdomain peering links and take advantage of the point to multipoint flexibility for interdomain traffic. This can occur in the normal routing case and in the fast rerouting case. For the fast rerouting case, when an intradomain link i to j fails, the detour is a flow from i to j. In contrast, for an interdomain link from i to a neighboring network B, the server 12 can use multiple peering points at B: b₁, b₂, . . . , b_(B), where the b's are border gateway routers between A and B. Accordingly, the server 12 can compute multiple flows (i→b₁), (i→b₂), . . . , (i→b_(B)), and be extended to allow multiple egress networks.

Once the REIN server 12 computes base routing and fast rerouting using linear programming techniques and generates flow-based routing representations, the server 12 then converts the flow-based routing to a path-based routing with bounded performance penalty.

For example, in one preferred embodiment, the REIN server 12 uses flow decomposition to convert any flow-based routing representations to a path-based routing using up to |E| paths per OD pair. In an IP network, however, |E| could be large. Accordingly, the REIN server 12 considers the tradeoff between the number of paths and the performance gain, and enables one to choose paths based on preferences between performance and scalability.

A formalized notion of selecting effective paths to approximate a flow-based routing will now be described below. A method executed by the REIN server 12 to carry out this approximation will also be described. The method described includes two configurable parameters that can have different effects on performance and scalability.

The concept of coverage of a set of paths will now be described. Consider a flow-based routing f={f_(ab)(i,j)|a,b∈V, (i,j)∈E}. For each OD pair a→b, a graph is constructed where each edge (i,j) has a capacity of f_(ab)(i,j). Without loss of generality, an assumption is made that all cycles in f have already been removed, and thus the graph is a directed acyclic graph (DAG).

Next, let P_(ab)={P_(ab)^(k)|k=1, . . . , K} be a given set of K paths from a to b. A path-based routing over P_(ab) specifies the fraction of traffic to be carried by each path in P_(ab). Specifically, a path-based routing over P_(ab) can be represented by a vector χ_(ab)={χ_(ab)^(k)≥0|k=1, . . . , K}, where χ_(ab)^(k) denotes the fraction of demand from a to b that is routed on path P_(ab)^(k). The value of χ_(ab), denoted by |χ_(ab)|, is defined as

$\begin{matrix}{{x_{ab}} = {\sum\limits_{k = 1}^{K}x_{ab}^{k}}} & (1)\end{matrix}$

A path-based routing χ_(ab) is valid if its value is 1.

DEFINITION 1. A set P_(ab) of paths from a to b is a Q-percentage coverage path set (or Q-percentage path set for short) for flow-based routing f_(ab) if there exists a path-based routing χ_(ab) over P_(ab) that satisfies the following two conditions:

$\begin{matrix}{{x_{ab}} = Q} & (2) \\{{{\sum\limits_{k,{{({i,j})} \in P_{ab}^{k}}}x_{ab}^{k}} \leq {f_{a}{b\left( {i,j} \right)}}},{\forall{\left( {i,j} \right) \in E}}} & (3)\end{matrix}$

Moreover, a set P=∪_(a,b∈V)P_(ab) is called a Q-percentage coverage path set for flow-based routing f if, for each OD pair a→b, P_(ab) is a Q-percentage path set of f_(ab).

With the coverage of a set of paths, the server 12 can determine how well a set of paths approximates a given flow-based routing. This process can be stated formally as the following lemma:

LEMMA 1. Given a flow-based routing f and a Q-percentage path set P for f, a valid path-based routing χ={χ_(ab)|a,b∈V} over P can be constructed such that for any demand d, the routed traffic on any link l∈E under χ is upper bounded by 1/Q times the routed traffic on l under f.

A detailed proof of the above Lemma 1 is shown in FIG. 6.

In general, consider any network performance metric m which is a function of |E|+1 variables: the utilization u_(l) of each link l∈E and a function z(d) of a traffic demand matrix d; that is, m=m(u₁, u₂, . . . , u_(|E|); z(d)). Here, z(d) can be any function, as long as it depends only on d. One example z(d) is the optimal link utilization of the network under d. If m is monotonic increasing with respect to u_(l) (l∈E), we have

PROPOSITION 1. Given a flow-based routing f and a Q-percentage path set P for f, a valid path-based routing χ over P can be constructed such that for any demand d, the performance metric m under χ is upper bounded by m(1/Q·u₁, . . . , 1/Q·u_(|E|); z(d)), where u_(l) is the utilization of link l under f.

For example, assume that m(u₁, u₂, . . . , u_(|E|); z(d)) = max_(l∈E) u_(l), which is a popular TE performance metric referred to as the bottleneck traffic intensity or maximum link utilization (MLU). Then the constructed valid path-based routing χ guarantees that, for any demand d, its bottleneck traffic intensity is at most 1/Q times that of the original flow-based routing f.

Having described the notion of the coverage of a path set, a method executed by the REIN server 12 is described. The method can be used for finding a small number of paths P guided by a flow-based routing f. The method to generate paths P_(ab) from a to b based on f_(ab) is presented in FIG. 4. To generate the complete path set P, the same algorithm is repeated for each OD pair.

Generally, there can be two approaches to the termination condition. The first is to generate no more than a fixed number, K, of paths per OD pair, hereinafter referred to as K-path coverage. A network may adopt this approach if it knows the maximum number of paths it wants to select for any OD pair. The network can then evaluate the performance of the selected path set by computing its coverage. The second approach terminates only after a certain coverage is achieved for every OD pair, and can thus bound the performance. This approach is hereinafter referred to as Q-percentage coverage.

As shown in step 4 of the method, the method computes the maximal unsplittable flow between a and b that satisfies the service level agreement (SLA) delay constraint. Preferably, the REIN server 12 does this in polynomial time based on the observation that a link with the lowest capacity on the maximal unsplittable flow path should be saturated. Specifically, the server 12 partitions links according to their capacities. For a certain capacity value C, the server 12 constructs a subgraph by removing all links with capacity less than C. The server 12 then computes the lowest delay path from source a to destination b in this subgraph. If the delay of the computed path satisfies the SLA delay requirement, the server 12 has identified that there is an unsplittable flow satisfying the SLA constraint with flow rate at least C. Then, the server 12 conducts a binary search over all capacity values to identify the maximum unsplittable flow rate. Given this algorithm, at step 8, the server 12 removes at least one link in the network. Thus, in the worst case, the path set calculated consists of |E| paths.
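The following Python sketch is an added example, not code from the patent: it implements the capacity-threshold binary search with a lowest-delay path computation, then extracts paths until the K-path or Q-percentage termination condition is met. FIG. 4 is not reproduced on this page, so the outer loop (extract a path, subtract its rate, drop saturated links) is an assumed reading of the steps described; all function names and the sample flow and delays are constructed.

```python
import heapq

def lowest_delay_path(cap, delay, a, b, min_cap):
    """Dijkstra over the subgraph that keeps only links with capacity >= min_cap."""
    dist, prev, heap = {a: 0.0}, {}, [(0.0, a)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale queue entry
        for (i, j), c in cap.items():
            nd = d + delay[(i, j)]
            if i == u and c >= min_cap and nd < dist.get(j, float("inf")):
                dist[j], prev[j] = nd, i
                heapq.heappush(heap, (nd, j))
    if b not in dist:
        return None, float("inf")
    path, node = [], b
    while node != a:
        path.append((prev[node], node))
        node = prev[node]
    return path[::-1], dist[b]

def max_unsplittable_flow(cap, delay, a, b, sla_delay):
    """Binary search over the distinct capacity values for the largest C whose
    subgraph still holds an a->b path within the SLA delay bound."""
    values = sorted(set(cap.values()))
    lo, hi, best = 0, len(values) - 1, (None, 0.0)
    while lo <= hi:
        mid = (lo + hi) // 2
        path, d = lowest_delay_path(cap, delay, a, b, values[mid])
        if path is not None and d <= sla_delay:
            best, lo = (path, values[mid]), mid + 1
        else:
            hi = mid - 1
    return best

def generate_paths(flow, delay, a, b, sla_delay, K=None, Q=None, eps=1e-9):
    """Stop after K paths (K-path coverage) or once coverage reaches Q."""
    residual = {e: c for e, c in flow.items() if c > eps}
    paths, covered = [], 0.0
    while residual and (K is None or len(paths) < K) and (Q is None or covered < Q - eps):
        path, rate = max_unsplittable_flow(residual, delay, a, b, sla_delay)
        if path is None:
            break  # no remaining path meets the delay bound
        paths.append((path, rate))
        covered += rate
        for e in path:
            residual[e] -= rate
            if residual[e] <= eps:
                del residual[e]  # saturated bottleneck link leaves the graph
    return paths, covered

# Constructed sample: f_ab for one unit of demand a->b, and per-link delays (ms).
FLOW = {("a", "u"): 0.5, ("a", "v"): 0.5, ("u", "b"): 0.75,
        ("v", "b"): 0.25, ("v", "u"): 0.25}
DELAY = {("a", "u"): 5, ("a", "v"): 5, ("u", "b"): 5, ("v", "b"): 5, ("v", "u"): 20}
PATHS, COVERAGE = generate_paths(FLOW, DELAY, "a", "b", sla_delay=15)
```

With a 15 ms bound the path through the 20 ms link is excluded, so the two extracted paths cover Q = 0.75 of the flow and, by Lemma 1, link loads are bounded by 4/3 of those under f.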

The preceding description of processing assumes interdomain bypass paths to be used are already chosen. The system can also address the issue that an IP network may receive many interdomain bypass paths and selectively use a subset of these paths. Advantageously, this can reduce configuration overhead and/or cost for bypass paths with non-zero cost.

In one preferred embodiment, the server 12 selects interdomain bypass paths in two steps. In the first step, the server 12 selects interdomain bypass paths to improve the physical connectivity of the network. In the second step, the server 12 augments this selection with additional interdomain bypass paths to improve the performance of optimal fast rerouting for high priority failure scenarios.

Preferably, the server 12 selects interdomain bypass paths such that the link connectivities of all intradomain links are above a certain level (e.g., greater than 2 or 3). Formally, server 12 defines the link connectivity of a link as follows.

DEFINITION 2 (LINK CONNECTIVITY). The link connectivity of a link is the minimal number of links (including the link itself) that must be removed in order to disconnect the two endpoints of this link.

For any link l∈E, the server 12 denotes the function EC(l) to be the link connectivity of l. Accordingly, the function EC is hereinafter referred to as the link connectivity function.

Since each interdomain bypass path has associated (allocated) bandwidth(s) and aggregated delay, the server 12 first prunes those bypass paths with low bandwidths and long delays. Preferably, the thresholds used in this pruning process depend on the SLA requirements of the IP network. Among the interdomain bypass paths that survive the pruning, the server 12 selects a subset that minimizes the total cost while achieving the target connectivities.

This selection problem is defined by the server 12 as follows. Given

- a multigraph G=(V,E) that represents the network, similar to that defined previously, except that G can contain parallel links due to the existence of multiple physical links between some pair of nodes;
- a set BYPASS of interdomain bypass links, each of which represents a different available interdomain bypass path. For a link l∈BYPASS, cost(l) can denote the cost of using the corresponding interdomain bypass path. There may be parallel links in BYPASS as there may be multiple interdomain bypass paths between the same pair of intradomain nodes from multiple neighboring networks;
- a link connectivity requirement function req for a selected (low connectivity) link set L⊂E;

the server 12 selects a subset E′⊂BYPASS such that, in the augmented graph G′=(V,E∪E′), the link connectivity EC_(G′)(l)≥req(l), ∀l∈L, and the total cost, as defined by cost(E′)=Σ_(l∈E′)cost(l), is minimized.

In one preferred embodiment, the server 12 formulates the selection problem as a Mixed Integer Program (MIP). Specifically, the server 12 assigns a memory location G=(V, E∪BYPASS) to be a flow network with unit capacity on all links. Next, the server 12 assigns variables χ(l)∈{0,1}, l∈BYPASS, to be the indicator variables of interdomain bypass link selection, such that χ(l)=1 if bypass link l is selected, and 0 otherwise. The MIP is preferably formulated as follows:

$$\min \sum_{l \in \mathrm{BYPASS}} \mathrm{cost}(l) \cdot \chi(l) \qquad (4)$$

subject to: for each (s,t)=l∈L, f_((s,t)) is an s-t flow such that:

$$\begin{aligned} & 0 \leq f_{(s,t)}(l) \leq 1, \quad l \in E && (5) \\ & 0 \leq f_{(s,t)}(l) \leq \chi(l), \quad l \in \mathrm{BYPASS} && (6) \\ & \sum_{k \in V} f_{(s,t)}(s,k) \geq \mathrm{req}(s,t) && (7) \end{aligned}$$

It will be appreciated by one skilled in the art that in the above MIP, the server 12 implements the Maximum-Flow Min-Cut Theorem to implicitly encode the link connectivity requirement. The max-flow min-cut theorem is a statement in optimization theory about maximum flows in flow networks. It derives from Menger's theorem. It states that the maximum amount of flow is equal to the capacity of a minimal cut. In other words, the theorem states that the maximum flow in a network is dictated by its bottleneck. Between any two nodes, the quantity of material flowing from one to the other cannot be greater than the weakest set of links somewhere between the two nodes. The server 12 then solves the MIP using ILOG CPLEX®, which is a mathematical programming optimizer.
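The selection problem above, worked on a small constructed topology as an added example (not the patent's code): link connectivity EC is computed as a unit-capacity maximum flow, which is what constraints (5)-(7) encode, and an exhaustive search over bypass subsets stands in for the MIP solver. Function names, the four-node network, and the costs are assumptions.

```python
from collections import defaultdict, deque
from itertools import combinations

def link_connectivity(links, s, t):
    """Max s-t flow with unit capacity per link; by max-flow min-cut this is the
    fewest links whose removal disconnects s from t (Definition 2)."""
    cap = defaultdict(lambda: defaultdict(int))
    for u, v in links:  # undirected link: one unit each way; parallel links add up
        cap[u][v] += 1
        cap[v][u] += 1
    flow = 0
    while True:
        prev, queue = {s: None}, deque([s])
        while queue and t not in prev:  # BFS for an augmenting path
            u = queue.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in prev:
                    prev[v] = u
                    queue.append(v)
        if t not in prev:
            return flow
        v = t
        while prev[v] is not None:  # push one unit along the path found
            cap[prev[v]][v] -= 1
            cap[v][prev[v]] += 1
            v = prev[v]
        flow += 1

def select_bypass(links, bypass, req):
    """bypass: list of ((u, v), cost); req: {(s, t): required connectivity}.
    Returns (total cost, chosen bypass links) of a cheapest feasible subset,
    or None when even the full BYPASS set cannot meet req."""
    best = None
    for r in range(len(bypass) + 1):
        for subset in combinations(bypass, r):
            cost = sum(c for _, c in subset)
            if best is not None and cost >= best[0]:
                continue  # cannot improve on the incumbent
            chosen = [e for e, _ in subset]
            aug = links + chosen  # augmented graph G' = (V, E ∪ E')
            if all(link_connectivity(aug, s, t) >= k for (s, t), k in req.items()):
                best = (cost, chosen)
    return best

# Constructed sample: node d hangs off the network by the single link c-d.
LINKS = [("a", "b"), ("b", "c"), ("a", "c"), ("c", "d")]
BYPASS = [(("d", "a"), 5), (("d", "b"), 3), (("a", "b"), 4), (("d", "c"), 6)]
REQ = {("c", "d"): 2, ("a", "b"): 3}
SELECTION = select_bypass(LINKS, BYPASS, REQ)
```

The exhaustive search is exponential in |BYPASS| and is only meant for checking small instances against a solver's answer.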

In one preferred embodiment, the server 12 further augments the set of interdomain bypass paths to ensure desired performance level during fast rerouting. Note that the server 12 performs bypass selection in both of the two steps of the disclosed optimal fast rerouting algorithm. First, bypass selection determines part of the input set of links for optimal fast rerouting. Second, the coverage-based path generation phase of the fast rerouting algorithm selects paths that provide good coverage. Some of such paths may need to traverse interdomain bypass paths.

Preferably, the server 12 first sorts all available interdomain bypass paths from best to worst according to a scoring function. The scoring function employed can be cost, unit cost per bandwidth, or some combination of cost and bandwidth constraints. For each k, the server 12 selects the first k paths and tests the performance of fast rerouting based on this set of bypass paths. The selection process stops once the performance target is achieved.

Although preferred embodiments of the present invention have been described herein with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments and that various other changes and modifications may be effected herein by one skilled in the art without departing from the scope or spirit of the invention, and that it is intended to claim all such changes and modifications that fall within the scope of the invention.

1. A system for providing network reliability comprising: a first network; a second network operatively coupled to said first network; and a control module operatively coupled to said first and second networks, said control module adapted to provide a bypass path linking first and second portions of said first network in response to a connectivity failure in said first network.
2. The system of claim 1, wherein said control module routes data packets between said first and said second portions of said first network using said bypass path.
3. The system of claim 1, wherein said bypass path is a data path between said first and second networks.
4. The system of claim 3, wherein said control module signals the availability of said data path using a Border Gateway Protocol message.
5. The system of claim 3, wherein said controller extracts a plurality of data paths from at least one of said first and second networks and computes a selected path to route said plurality of data packets using traffic engineering.
6. The system of claim 5, wherein said controller computes fast rerouting upon a network failure in said first or second network and selects said selected path based on the computation.
7. The system of claim 6, wherein said controller distinguishes voice and virtual private network (VPN) data packets from said data packets and routes said voice and VPN data packets over said selected path.
8. The system of claim 6, wherein said controller calculates said selected path by converting a flow representation of said data packets transmitted between an origin and destination router to a path-based routing representation.
9. The system of claim 8, wherein said controller calculates said selected path by determining a maximum unsplittable flow between said origin and destination routers that satisfies a service level delay constraint.
10. The system of claim 9, wherein said controller selects said selected path using a mixed integer program (MIP).
11. A method for providing network reliability comprising: coupling operatively a first network to a second network; and providing a control module operatively coupled to said first and second networks, said control module providing a bypass path linking first and second portion of said first network in response to a failure in said first network.
12. The method of claim 11, comprising routing data packets between said first and second portions of said first network using said bypass path.
13. The method of claim 11, wherein said bypass path is a data path between said first and second networks.
14. The method of claim 13, comprising signaling the availability of said data path using a Border Gateway Protocol message.
15. The method of claim 13, comprising: extracting a plurality of data paths from at least one of said first and second networks; and computing a selected path to route said data packets using traffic engineering.
16. The method of claim 15, comprising calculating fast rerouting upon a network failure in said first or second network and selects said selected path based on the computation.
17. The method of claim 16, comprising: distinguishing voice and virtual private network (VPN) data packets from said data packets; and routing said voice and VPN data packets over said selected path.
18. The method of claim 16, comprising calculating said selected path by converting a flow representation of said data packets transmitted between an origin and destination router to a path-based routing representation.
19. The method of claim 18, comprising calculating said selected path by determining a maximum unsplittable flow between said origin and destination routers that satisfies a service level delay constraint.
20. The method of claim 19, comprising selecting said selected path using a mixed integer program (MIP).